Hi,
HAProxy 3.1.1 was released on 2024/12/11. It added 42 new commits
after version 3.1.0.
Almost all of these are fixes for the 3.1 branch, in the following areas:
- startup: despite rigorous testing on the startup changes and almost 2
months in prod, a few side effects were found and reported. The most
visible one was that -c which checks the config, didn't prevent the
process from forking when in daemon mode. The implication is that the
config could be reported as valid even when not because the process
started, forked a child which parsed the config, then immediately exited.
And similarly, working in daemon mode would not wait for the child to
confirm (or deny) the validity of the config. That's more visible with
large or slow configs with warnings or errors, that would print the
warnings or errors after the shell's prompt. The problem here is that
the daemon would also report a success for faulty setups. Also, when
starting in foreground, it was visible that Ctrl-C wouldn't always be
delivered to the process depending on the shell/OS this was started
from, with "^C" being printed instead (due to SIGINT being disabled
by the shell and HAProxy systematically doing a setsid() instead of
reserving it to daemon mode). Finally, "-c" would have the nasty side
effect of overriding the pidfile if it was defined. All of this has
been fixed, now both the checker or the daemon correctly wait for their
child's report, Ctrl-C is working fine again, and -c doesn't touch the
pidfile anymore. This alone is a good reason for updating.
- QUIC: some cases of streams freezing in the send path when pacing is
enabled were addressed. One of them could theoretically even crash,
though this was not reproduced. Some alerts on old systems not
supporting UDO GSO or socket-owner were removed since that's only a
status that the user cannot do anything about, and it doesn't prevent
from starting up. A calculation bug was addressed in BBR.
- analysers: a rare circumstances, L7 retries could cause a crash because
the request was dropped before the retry took effect.
- H2: the changes to support a larger Rx window for faster uploads
required a change in how the stream position is counted. But applying
these changes to (read-only) closed streams definitely causes crashes.
The timing seems very tight since we never got any single one on
haproxy.org for a few months of exposure.
- core: the issue we've been chasing for 2 months now was in fact a reply
of the same we've worked on for 4 months 18 months ago, and only happens
on Ubuntu kernels 5.4 and 5.15, where for a totally unknown reason,
epoll_wait() may occasionally report an error during a pending connect(),
but once it finishes in success, everything works, except that this
error is reported as a server error (which it technically is as seen
from the code). We've put in place a detection and workaround for this
case which has already wasted 6 months of painful investigation in 2
years. Note: that doens't mean that all 502 were caused by this, but the
few for which we got strace outputs definitely were.
- dynamic servers: deleting a server that's currently about to be displayed
in stats but interrupted leaves a dangling pointer in the stats dumper
thread that most often will crash when it resumes dumping. The mechanism
was changed for a more reliable (albeit a bit more complex) one.
- the accept-invalid-http-{request,response} would be ignored if declared
before "mode http" due to another warning being emitted in this case.
- H1: an HTTP reason wouldn't automatically be set on an HTTP/1 response
if none was present in the server's response (e.g. if coming from an H2
server).
- H2: the glitches description was added so that "debug counters" doesn't
only report cryptic line numbers anymore.
- Lua: deleting more than one server at once between two calls to the Lua
interpreter could leave the list of servers in an inconsistent state.
- QUIC/BBR: timers were inaccurate on very fast links (e.g. loopback) due
to a quick wraparound of nanosecond-based timers resulting in some
incorrect calculations. The result was a low performance in this case.
And the support for 421-misdirected in "retry-on" was backported.
Lots of thanks to all those who were quick at reporting the issues they
faced. That was efficient since most of the affected areas are still
fresh in the developers' heads. Overall I'm pretty satisfied with the
low impact of the vast majority of these issues. In any case if you're
currently evaluating 3.1.0, please just skip to 3.1.1.
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/3.1/src/
Git repository : https://git.haproxy.org/git/haproxy-3.1.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy-3.1.git
Changelog : https://www.haproxy.org/download/3.1/src/CHANGELOG
Dataplane API :
https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
---
Complete changelog :
Amaury Denoyelle (7):
BUG/MEDIUM: quic: prevent stream freeze on pacing
BUG/MEDIUM: mux-quic: remove pacing status when everything is sent
BUG/MINOR: quic: remove startup alert if conn socket-owner unsupported
BUG/MINOR: quic: remove startup alert if GSO unsupported
BUG/MINOR: stats: decrement srv refcount on stats-file release
MINOR: list: define a watcher type
BUG/MEDIUM: stats/server: use watcher to track server during stats dump
Aurelien DARRAGON (4):
BUG/MINOR: log: fix lf_text() behavior with empty string
BUG/MEDIUM: event_hdl: fix uninitialized value in async mode when no data
is provided
DOC: config: fix confusing init-state examples
BUG/MINOR: hlua_fcn: restore server pairs iterator pointer consistency
Christopher Faulet (7):
BUG/MEDIUM: sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is
not set
MINOR: proxy: Add support of 421-Misdirected-Request in retry-on status
BUG/MEDIUM: http-ana: Reset request flag about data sent to perform a L7
retry
BUG/MINOR: h1-htx: Use default reason if not set when formatting the
response
BUG/MINOR: config: Fix parsing of accept-invalid-http-{request,response}
BUG/MINOR: http-fetch: Ignore empty argument string for query()
BUG/MINOR: server-state: Fix expiration date of srvrq_check tasks
Frederic Lecaille (3):
BUG/MINOR: improve BBR throughput on very fast links
BUILD: quic: fix a build error about an non initialized timestamp
BUG/MINOR: quic: fix bbr_inflight() calls with wrong gain value
Ilia Shipitsin (3):
BUG/MINOR: namespace: handle a possible strdup() failure
BUG/MINOR: ssl_crtlist: handle a possible strdup() failure
BUG/MINOR: resolvers: handle a possible strdup() failure
Valentine Krasnobaeva (9):
BUG/MINOR: signal: register default handler for SIGINT in signal_init()
BUG/MINOR: startup: close pidfd and free global.pidfile in
handle_pidfile()
BUG/MINOR: startup: fix pidfile creation
BUG/MINOR: mworker: don't save program PIDs in oldpids
BUG/MINOR: mworker: fix -D -W -sf/-st modes
BUG/MINOR: startup: fix error path for master, if can't open pidfile
BUG/MEDIUM: startup: don't daemonize if started with -c
BUG/MEDIUM: startup: report status if daemonized process fails
BUG/MEDIUM: mworker: report status, if daemonized master fails
Willy Tarreau (9):
BUG/MEDIUM: init: make sure only daemonized processes change their session
BUG/MINOR: init: do not call fork_poller() for non-forked processes
BUG/MEDIUM: mux-h2: make sure not to touch dummy streams when sending WU
BUG/MINOR: debug: COUNT_IF() should return true/false
BUILD: debug: fix build issues in COUNT_IF() with -Wunused-value
MINOR: mux-h2/traces: add a missing trace on negative initial window size
CLEANUP: mux-h2/traces: reword certain ambiguous traces
MINOR: mux-h2/glitches: add a description to the H2 glitches
BUG/MINOR: mux-h2: fix expression when detecting excess of CONTINUATION
frames
---
